When China Redirected 15% Of Internet Traffic... Was It On Purpose Or An Error?
from the encryption... dept
Also, it should be noted that this isn't new. Some folks appeared to spot this soon after it happened as it wasn't even remotely covert -- and also said that it appeared to be a "fat fingers" type of mistake based on the way it took place. Yet, to read the McAfee report, the assumption is that it must have been for nefarious reasons. Perhaps, but that wasn't what it appeared to be initially.
Of course, McAfee is pointing out that some of the traffic included US government and military traffic, but the US government said it was no big deal because its traffic was encrypted. However, McAfee is claiming that the US government is still at risk, and that it should be concerned. The explanation at "National Defense Magazine" based on what McAfee said seems slightly misleading:
"If China telecom intercepts that [encrypted message] and they are sitting on the middle of that, they can send you their public key with their public certificate and you will not know any better," he said. The holder of this certificate has the capability to decrypt encrypted communication links, whether it's web traffic, emails or instant messaging, Alperovitch said. "It is a flaw in the way the Internet operates," said Yoris Evers, director of worldwide public relations at McAfee.
It would be great if a security expert could chime in here, but this seems like a rather simplified version of how a man-in-the-middle attack on public key encryption would work. It's possible that it could work in some specific instances, but this report makes it out like China could automatically read any encrypted message.
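Added example, not part of the original post: a simplified model of the certificate check a client performs, showing why a substituted public key is not accepted automatically. It uses textbook RSA with constructed keys, and the names (`issue`, `validate`, "Example Root CA", `mail.example.test`) are hypothetical; real clients validate X.509 chains with padded signatures.

```python
import hashlib

E = 65537  # usual RSA public exponent

def make_key(p, q):
    """Textbook RSA key from two primes: (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(subject, key, issuer):
    """SHA-256 over the signed certificate fields, as an integer."""
    data = f"{subject}|{key}|{issuer}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def issue(subject, key, issuer, issuer_key):
    """Issuer signs (subject, subject public key, issuer name)."""
    n, d = issuer_key
    return {"subject": subject, "key": key, "issuer": issuer,
            "sig": pow(digest(subject, key, issuer) % n, d, n)}

def validate(cert, hostname, trust_store):
    """Client-side check; returns 'ok' or the reason for rejection."""
    if cert["subject"] != hostname:
        return "hostname mismatch"
    n = trust_store.get(cert["issuer"])
    if n is None:
        return "untrusted issuer"
    if pow(cert["sig"], E, n) != digest(cert["subject"], cert["key"], cert["issuer"]) % n:
        return "bad signature"
    return "ok"

# Constructed sample data (Mersenne primes keep the toy keys short to write).
HOST = "mail.example.test"
CA_KEY = make_key(2**127 - 1, 2**521 - 1)        # CA the client trusts
OTHER_KEY = make_key(2**107 - 1, 2**607 - 1)     # key held by an on-path party
SERVER_N = (2**61 - 1) * (2**89 - 1)             # real server's public key
TRUST = {"Example Root CA": CA_KEY[0]}           # client's trust store

CERTS = {
    "genuine": issue(HOST, SERVER_N, "Example Root CA", CA_KEY),
    "self_issued": issue(HOST, OTHER_KEY[0], "On-Path CA", OTHER_KEY),
    "forged_issuer": issue(HOST, OTHER_KEY[0], "Example Root CA", OTHER_KEY),
}
# Key swapped in, CA signature copied from the genuine certificate.
CERTS["swapped_key"] = dict(CERTS["genuine"], key=OTHER_KEY[0])

if __name__ == "__main__":
    for name, cert in CERTS.items():
        print(f"{name:14} -> {validate(cert, HOST, TRUST)}")
```

Only the certificate signed by a key in the client's trust store validates, so the outcome depends on what the client trusts and whether it checks at all.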